def view_proposals(vendor: str = None, profile: str = None):
    """Render the current user's proposals, split into pending and processed.

    Both tables come from one base query: ``Vulnerability`` rows whose
    ``creator`` is ``g.user``, outer-joined to their ``Nvd`` entry on
    ``cve_id`` and ordered by descending ``Nvd.id``.  "Pending" rows are
    those whose state is neither ARCHIVED nor PUBLISHED; "processed" rows
    are the rest.  Each table is paginated independently from the
    ``proposal_p`` and ``proposal_processed_p`` request parameters.

    Args:
        vendor: Unused in this view.
        profile: Unused in this view.

    Returns:
        The rendered ``profile/proposals_view.html`` template.
    """
    finished_states = [VulnerabilityState.ARCHIVED, VulnerabilityState.PUBLISHED]
    page_size = 10

    # Scope to the caller's own proposals first; every derived query below
    # inherits this filter, so nothing from other users can be listed.
    own_entries = (
        db.session.query(Vulnerability, Nvd)
        .filter(Vulnerability.creator == g.user)
        .outerjoin(Vulnerability, Nvd.cve_id == Vulnerability.cve_id)
        .order_by(desc(Nvd.id))
    )

    pending_page = parse_pagination_param("proposal_p")
    pending_query = own_entries.filter(
        ~Vulnerability.state.in_(finished_states)
    ).options(default_nvd_view_options)
    pending = get_page(pending_query, page_size, page=pending_page)
    pending = VulnViewTypesetPaginationObjectWrapper(pending.paging)

    processed_page = parse_pagination_param("proposal_processed_p")
    processed_query = own_entries.filter(
        Vulnerability.state.in_(finished_states)
    ).options(default_nvd_view_options)
    processed = get_page(processed_query, page_size, page=processed_page)
    processed = VulnViewTypesetPaginationObjectWrapper(processed.paging)

    return render_template(
        "profile/proposals_view.html",
        proposal_vulns=pending,
        proposal_vulns_processed=processed,
    )
def product_view(vendor: str = None, product: str = None):
    """Render the NVD entries whose CPE data matches *vendor* and *product*.

    A distinct sub-query over ``Cpe.nvd_json_id`` selects the affected NVD
    rows; ``vendor`` and ``product`` are compared as bound values, not
    interpolated into SQL.  Matching ``Nvd`` rows are outer-joined with
    ``Vulnerability`` on ``cve_id``, ordered by descending ``Nvd.id`` and
    paginated from the ``product_p`` request parameter (10 per page).

    Args:
        vendor: CPE vendor string taken from the route.
        product: CPE product string taken from the route.

    Returns:
        The rendered ``product/view.html`` template, including the total
        number of matching NVD entries and the repository URLs collected
        from the matching entries' commits.
    """
    page_size = 10

    matching_nvd_ids = (
        db.session.query(Cpe.nvd_json_id)
        .filter(and_(Cpe.vendor == vendor, Cpe.product == product))
        .distinct()
    )
    total_matches = matching_nvd_ids.count()

    base_query = (
        db.session.query(Vulnerability, Nvd)
        .filter(Nvd.id.in_(matching_nvd_ids))
        .with_labels()
        .outerjoin(Vulnerability, Nvd.cve_id == Vulnerability.cve_id)
        .order_by(desc(Nvd.id))
    )

    current_page = parse_pagination_param("product_p")
    paged = get_page(
        base_query.options(default_nvd_view_options),
        page_size,
        page=current_page,
    )
    paged = VulnViewTypesetPaginationObjectWrapper(paged.paging)

    # Repo URLs are derived from the un-paginated query, so they cover
    # every matching entry, not only the current page.
    repo_urls = get_unique_repo_urls(get_entries_commits(base_query))

    return render_template(
        "product/view.html",
        vendor=vendor,
        product=product,
        product_vulns=paged,
        repo_urls=repo_urls,
        number_vulns=total_matches,
    )
def get_pending_proposals_paged():
    """Return one page of vulnerability proposals that are not yet published.

    Selects ``(Vulnerability, Nvd)`` pairs whose state differs from
    PUBLISHED, outer-joined on ``cve_id``, ordered by state ascending and
    then ``Nvd.id`` descending, and paged from the ``review_p`` request
    parameter (10 rows per page).

    NOTE(review): no access check is applied inside this helper; it relies
    on the caller already being an authorised reviewer — confirm at the
    call sites.

    Returns:
        A ``VulnViewTypesetPaginationObjectWrapper`` around the selected page.
    """
    page_size = 10
    pending_query = (
        db.session.query(Vulnerability, Nvd)
        .filter(Vulnerability.state != VulnerabilityState.PUBLISHED)
        .outerjoin(Vulnerability, Nvd.cve_id == Vulnerability.cve_id)
        .order_by(asc(Vulnerability.state), desc(Nvd.id))
    )
    current_page = parse_pagination_param("review_p")
    paged = get_page(
        pending_query.options(default_nvd_view_options),
        page_size,
        page=current_page,
    )
    return VulnViewTypesetPaginationObjectWrapper(paged.paging)
def list(vendor: str = None, profile: str = None):
    """Render the review queue of proposals that are not yet published.

    Selects ``(Vulnerability, Nvd)`` pairs whose state differs from
    PUBLISHED, outer-joined on ``cve_id``, ordered by descending ``Nvd.id``
    and paged from the ``review_p`` request parameter (10 rows per page).

    The function name shadows the builtin ``list``; it is kept because it
    is the registered view name.

    NOTE(review): no access check is visible in this view; it assumes the
    route itself is restricted to reviewers — confirm where it is registered.

    Args:
        vendor: Unused in this view.
        profile: Unused in this view.

    Returns:
        The rendered ``review/list.html`` template.
    """
    page_size = 10
    queue_query = (
        db.session.query(Vulnerability, Nvd)
        .filter(Vulnerability.state != VulnerabilityState.PUBLISHED)
        .outerjoin(Vulnerability, Nvd.cve_id == Vulnerability.cve_id)
        .order_by(desc(Nvd.id))
    )
    current_page = parse_pagination_param("review_p")
    paged = get_page(
        queue_query.options(default_nvd_view_options),
        page_size,
        page=current_page,
    )
    paged = VulnViewTypesetPaginationObjectWrapper(paged.paging)
    return render_template("review/list.html", review_vulns=paged)
def view_proposals(vendor: str = None, profile: str = None):
    """Render the current user's proposals that are not yet published.

    Selects ``(Vulnerability, Nvd)`` pairs created by ``g.user`` whose state
    differs from PUBLISHED, outer-joined on ``cve_id``, ordered by
    descending ``Nvd.id`` and paged from the ``proposal_p`` request
    parameter (10 rows per page).

    Args:
        vendor: Unused in this view.
        profile: Unused in this view.

    Returns:
        The rendered ``profile/proposals_view.html`` template.
    """
    page_size = 10
    # The creator filter scopes the listing to the caller's own proposals.
    own_pending = (
        db.session.query(Vulnerability, Nvd)
        .filter(
            Vulnerability.creator == g.user,
            Vulnerability.state != VulnerabilityState.PUBLISHED,
        )
        .outerjoin(Vulnerability, Nvd.cve_id == Vulnerability.cve_id)
        .order_by(desc(Nvd.id))
    )
    current_page = parse_pagination_param("proposal_p")
    paged = get_page(
        own_pending.options(default_nvd_view_options),
        page_size,
        page=current_page,
    )
    paged = VulnViewTypesetPaginationObjectWrapper(paged.paging)
    return render_template("profile/proposals_view.html", proposal_vulns=paged)
def __init__(self) -> None:
    """Build the two paginated listings shown on the main vulnerability page.

    ``self.vcdb_entries`` holds PUBLISHED ``Vulnerability`` rows joined to
    their ``Nvd`` entry; ``self.nvd_entries`` holds ``Nvd`` rows that have no
    ``Vulnerability`` counterpart.  An optional ``keyword`` request argument
    narrows both queries.  Each listing is then paged (7 rows per page) from
    the ``vcdb_p`` / ``nvd_p`` request parameters and wrapped in a
    ``VulnViewTypesetPaginationObjectWrapper`` with an explicit total.
    """
    self.keyword = None
    self.top_contributors = []
    # TODO: Look into enabling this once public contributions are enabled.
    # self.fetch_top_contributors()

    # Listing 1: published entries, annotated ones first.
    has_annotations_col = Vulnerability.has_annotations
    vcdb_entries = db.session.query(Vulnerability, Nvd, has_annotations_col)
    vcdb_entries = vcdb_entries.filter(
        Vulnerability.state == VulnerabilityState.PUBLISHED)
    vcdb_entries = vcdb_entries.outerjoin(
        Nvd, Vulnerability.cve_id == Nvd.cve_id)
    vcdb_entries = vcdb_entries.options(default_nvd_view_options)
    # from_self() wraps the query as a sub-select before ordering is applied;
    # presumably needed for the ordering on has_annotations_col — confirm.
    vcdb_entries = vcdb_entries.from_self()
    vcdb_entries = vcdb_entries.order_by(
        desc(has_annotations_col),
        asc(Vulnerability.date_created),
        desc(Vulnerability.id),
    )
    self.vcdb_entries = vcdb_entries

    # Listing 2: NVD entries with no matching Vulnerability row
    # (outer join + IS NULL on the joined key).
    nvd_entries = db.session.query(Nvd)
    nvd_entries = nvd_entries.outerjoin(Vulnerability,
                                        Nvd.cve_id == Vulnerability.cve_id)
    nvd_entries = nvd_entries.options(default_nvd_view_options)
    nvd_entries = nvd_entries.filter(Vulnerability.cve_id.is_(None))
    nvd_entries = nvd_entries.order_by(desc(Nvd.published_date), desc(Nvd.id))
    self.nvd_entries = nvd_entries

    # Optional user-supplied keyword; ``type=str`` makes it a plain string.
    self.keyword = request.args.get("keyword", None, type=str)
    apply_filter = None
    if self.keyword:
        # TODO: Make the filtering work with fulltext search as well.
        if VulnerabilityDetails.is_cve_id(self.keyword):
            # Exact match on the CVE id; the leading ``False`` in or_() has no
            # effect on the result.
            apply_filter = or_(False, Nvd.cve_id == self.keyword)
        elif VulnerabilityDetails.is_vcdb_id(self.keyword):
            apply_filter = or_(False, Vulnerability.id == self.keyword)
        else:
            # Free-text path: substring LIKE over NVD descriptions and the
            # vulnerability comment.  The keyword is sent as a bound parameter
            # so it cannot alter the SQL; ``%`` is stripped to keep the user
            # from widening the pattern.  NOTE(review): ``_`` (single-char
            # LIKE wildcard) and backslash are not stripped, so they still act
            # as pattern metacharacters in the match — consider passing an
            # ``escape`` to like() if exact substring semantics are wanted.
            escaped_keyword = self.keyword.replace("%", "")
            # escaped_keyword = re.sub('[\W]+', ' ', self.keyword)
            # Attention: We can't use FullText search here because of some
            # buggy Mysql 5.7 behavior (using FullText on Join results seems
            # is doing bad things. We might need to apply the filter before
            # joining below.
            # apply_filter = or_(
            #     FullTextSearch(escaped_keyword, Nvd,
            #                    FullTextMode.BOOLEAN),
            #     FullTextSearch(escaped_keyword, Vulnerability,
            #                    FullTextMode.BOOLEAN))
            apply_filter = or_(
                Nvd.descriptions.any(
                    Description.value.like("%" + escaped_keyword + "%")),
                Vulnerability.comment.like("%" + escaped_keyword + "%"),
            )
            # TODO: add product search support.
            # apply_filter = or_(apply_filter, Cpe.product == keyword)

    # The same predicate is applied to both listings when a keyword was given.
    if apply_filter is not None:
        self.vcdb_entries = self.vcdb_entries.filter(apply_filter)
        self.nvd_entries = self.nvd_entries.filter(apply_filter)

    per_page = 7
    vcdb_bookmarked_page = parse_pagination_param("vcdb_p")
    # Replace a sqlakeyset function to support our use case.
    # TODO: File a PR for this?
    # NOTE: this is a process-wide monkey-patch re-applied on every
    # construction; it affects all sqlakeyset users in this interpreter.
    sqlakeyset.paging.value_from_thing = custom_value_from_thing
    self.vcdb_pagination = get_page(self.vcdb_entries, per_page,
                                    page=vcdb_bookmarked_page)
    self.vcdb_pagination = VulnViewTypesetPaginationObjectWrapper(
        self.vcdb_pagination.paging)
    # Total is the count of all Vulnerability rows, not of the (possibly
    # keyword-filtered, PUBLISHED-only) listing — so it is an upper bound.
    num_vuln_entries = db.session.query(func.count(
        Vulnerability.id)).scalar()
    self.vcdb_pagination.set_total(num_vuln_entries)

    nvd_bookmarked_page = parse_pagination_param("nvd_p")
    self.nvd_pagination = get_page(self.nvd_entries, per_page,
                                   page=nvd_bookmarked_page)
    self.nvd_pagination = VulnViewTypesetPaginationObjectWrapper(
        self.nvd_pagination.paging)
    # Estimated total for listing 2: all NVD rows minus all Vulnerability rows;
    # this is an approximation (ignores keyword filtering and non-1:1 matches).
    num_nvd_entries = db.session.query(func.count(Nvd.id)).scalar()
    num_unique_nvd_estimate = num_nvd_entries - num_vuln_entries
    self.nvd_pagination.set_total(num_unique_nvd_estimate)